Make form-not-secure controllable as its own separate Finch feature

chrome/app/generated_resources.grd

Index: chrome/app/generated_resources.grd
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 5f638f60cb05027ebb21613f51a0843385097426..afc12f500ef8835cd5d1124e8b78f0557379170c 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -5358,6 +5358,12 @@ Keep your key file in a safe place. You will need it to create new versions of y
       <message name="IDS_NACL_DEBUG_MASK_CHOICE_INCLUDE_DEBUG">
         Debug only if manifest URL ends with debug.nmf.
       </message>
+      <message name="IDS_ENABLE_HTTP_FORM_WARNING_NAME" desc="Name of the 'HTTP form warning' lab.">
+        Show form warnings for sensitive fields on HTTP pages
+      </message>
+      <message name="IDS_ENABLE_HTTP_FORM_WARNING_DESCRIPTION" desc="Description of the 'HTTP form warning' lab.">
+        Shows an in-form warning when password or credit card fields are detected on an HTTP page

[elawrence, 2016/12/19 20:11:46]

The wording "in-form warnings" seems somewhat more clear than "form warnings"
but we don't use that wording in the name, only in the description? 

"Shows an in-form warning when password or credit card fields are detected on an
HTTP page" -- Are the warnings in the |form| even if the field is not, or are
the warnings added to the field itself, such that an invisible field does not
show the warning? If the latter, maybe "Attaches a warning UI to any password or
credit card fields detected on a non-secure page"?

The phrasing `HTTP Page` feels a bit problematic, insofar as a common pattern is
to embed a HTTPS page containing a sensitive field, in a frame on a non-secure
outer page.

[estark, 2016/12/19 20:49:45]

Done.
Done.
Changed to "when the top-level page is not HTTPS" which is kind of wordy, but
honestly I've kinda given up hope on using great terminology for these things.
Everything I can think of is confusing and/or inaccurate in one way or another.

+      </message>
       <message name="IDS_MARK_HTTP_AS_NAME" desc="Name of the 'Mark Non-Secure Origins As' lab.">
         Mark non-secure origins as non-secure
       </message>
@@ -5373,9 +5379,6 @@ Keep your key file in a safe place. You will need it to create new versions of y
       <message name="IDS_MARK_HTTP_WITH_PASSWORDS_OR_CC_WITH_CHIP">
         Display a verbose state when password or credit card fields are detected on an HTTP page
       </message>
-      <message name="IDS_MARK_HTTP_WITH_PASSWORDS_OR_CC_WITH_CHIP_AND_FORM_WARNING">
-        Display a verbose state and form warning when password or credit card fields are detected on an HTTP page
-      </message>
       <message name="IDS_FLAGS_SAVE_PAGE_AS_MHTML_NAME" desc="Name of the 'Save Page as MHTML' lab.">
         Save Page as MHTML
       </message>